KeePass PlugIn

Ensure strong password security in the company

DoubleClue KeePass Plugin Provides KeePass Users with Comprehensive Security Upgrade through Multifactor Authentication

Neustadt an der Aisch, Germany, April 28, 2021 – The HWS Group, a medium-sized provider of software development and IT services, offers companies with DoubleClue a holistic software solution for identity management. The integrated DoubleClue PasswordSafe builds on KeePass. Centralized password storage and additional multifactor authentication protect against password and identity theft.

DoubleClue PasswordSafe is based on the encryption algorithm of KeePass, a globally popular open-source password manager. This compatibility allows easy import and export of existing data from KeePass using the DoubleClue KeePass plugin. At the same time, multifactor authentication, as well as centralized storage in the cloud, increase the application’s security. Since passwords are not stored on the end device, DoubleClue PasswordSafe enables secure usage on multiple devices.

Identity protection requirements in the company environment have increased

“The BKA has observed an increasing number of cyberattacks on companies for years. This brings the question of effective technical protection as well as a sustainable password policy to the forefront at management levels,” says Emanuel Galea, Senior Director Software Development at HWS. “Our experience has shown that many companies rely on KeePass. However, KeePass lacks key collaboration and security features by default in the company environment.”

KeePass gets a comprehensive security upgrade with the DoubleClue KeePass plugin. Multifactor authentication and centralized encrypted storage meet current security and mobility requirements in the company environment.

DoubleClue PasswordSafe eliminates password theft by insiders

Along with organized crime, insiders are primarily responsible for enterprise data incidents. A Bitkom study published in 2019 suggests that insiders were responsible for data espionage and sabotage in more than half of the companies surveyed.

HWS Group has responded to this finding. DoubleClue relies on a two-part key for encryption in the cloud. The important part of the key is known only to the user. This rules out unauthorized access by internal resources despite central storage. Multifactor authentication also protects against account theft, such as phishing or brute force attacks.

DoubleClue PasswordSafe at a glance

  •  Encryption with a two-part key prevents internal and external access by third parties
  •  Integrated multifactor authentication protects against account theft
  • DoubleClue KeePass plugin allows the import and export of KeePass (kdbx) files into DoubleClue PasswordSafe
  • High usability thanks to the clear web portal and mobile apps for Android and iOS with AutoFill
  • Centralized encrypted storage of passwords ensures device-independent access and sharing of credentials and passwords with internal and external contacts
  • Use on-premises or in the HWS high-security cloud on German servers

With DoubleClue, the HWS Group offers companies of all sizes a comprehensive solution in the area of identity security. A deep Identity and Access Management (IAM) with integrated highly secure PasswordSafe as well as cloud storage and modern Multifactor Authentication (MFA).

Contact Information

Michaela Senft
Marketing & Communication Manager, HWS Gruppe

Tel: +49 (0)151 5351 2501



Deepfake – what is real?

The digital and analog worlds are becoming increasingly blurred. With the rapid development of artificial intelligence and machine learning, the information we receive is becoming increasingly complex. Nevertheless, we are finding that what we humans find very easy – such as facial recognition – first has to be taught to artificial intelligence. This so-called deep learning is a very complex process. Put simply, the algorithm breaks down the complex structures of the object into individual hierarchically structured concepts. This is how the machine “learns” to recognize and interpret complex structures. And even – to manipulate them. This makes the transition between real and fake news fluid. For example, today we encounter image manipulation in the form of deepfake. This term is borrowed from Deep Learning denotes a deep identity fraud: with the help of state-of-the-art AI-supported software, it is possible to fake images, soundtracks, and even entire videos. Deceptively real.

Media manipulation through deepfake

At first, using AI-based systems to create new identities and stories sounds quite exciting and entertaining. A bit like Sims back then, only much more real and with better graphics. On the Internet, you can find some sites where you can create freely invented faces. Why not give them a story as well? At the same time, the boundaries between reality and lies are blurred here.

At the same time, this form of artificial intelligence shows us how easily our media can be manipulated. And how difficult it is for us to distinguish manipulated recordings from real ones. This has an impact on how we deal with media. Because if we can’t be sure that the image we’re shown is real, what are we supposed to believe? Which part of the information offered is genuine, which possibly cleverly faked?

Depending on how we evaluate a piece of information, this can influence our decisions. This starts with credibility in our private lives, but can ultimately change our political landscape as well.

Especially in the area of cyberstalking against private individuals and celebrities, deepfake has already made inroads. Through clever video manipulation, an alternative story can be attributed to anyone, a private person or a public figure. In the form of Revenge Porn, fake content is found that imputes an apparent past to people – even if in reality a video has been manipulated or even reinvented using Deepfake. In the end, this not only damages reputations, but also the mental health of those affected.

Social Engineering 2.0

Deepfake is also finding new dangerous methods in the area of white-collar crime. Social engineering attacks that have a personal connection to the victim are already particularly successful. Time pressure, pressure to perform, or hierarchical constraints often lead to the successful disclosure of identification features or internal information. But how much more successful is a CEO fraud in which voice swapping (=imitation of voices using deepfake) is used? In other words, when the supposed CEO on the phone actually sounds like the CEO or even appears in a video conference. It is then no longer possible for people to distinguish between a fake and a real telephone call.

The end of biometric credentials?

Ultimately, the development that any image, video, or voice recording can be manipulated also has an impact on the possibilities of logging in with biometric data. After all, how secure are biometric logins via FaceID if really anyone can forge an image? The answer is nevertheless reassuring: Compared to passwords or other character-based login methods, biometric authentication is comparatively secure. However, there is still a residual risk, which is why you should never rely on just one authentication method. Only the interaction of at least two authentication methods makes a login secure – both privately and professionally.